Technology Sharing

【RHCE】HTTP service (HTTPS) based on user authentication and TLS encryption

2024-07-12

한어Русский языкEnglishFrançaisIndonesianSanskrit日本語DeutschPortuguêsΕλληνικάespañolItalianoSuomalainenLatina

Table of contents

1. Create a user account

2. TLS Encryption

3. Configure the http service sub-configuration file

4. Create a folder to access the http service and redirect the input to the file

5. Configure Linux local warehouse and local warehouse under Windows

6. Basic Operations

7. Testing

1. Create a user account

User Authentication

  1. # 创建两个账户
  2. [root@localhost ~]# htpasswd -c /etc/httpd/zhanghao tom
  3. New password: 
  4. Re-type new password: 
  5. Adding password for user tom
  6. [root@localhost ~]# htpasswd /etc/httpd/zhanghao jerry
  7. New password: 
  8. Re-type new password: 
  9. Adding password for user jerry
  10. # 查看是否创建成功
  11. [root@localhost ~]# tail /etc/httpd/zhanghao
  12. tom:$apr1$2s/wloz6$G0SlGTKB62a4.2gJmy.AL.
  13. jerry:$apr1$lOxB9Dtq$tOTaJ35Jtt8dWouHbjgWi1

2. TLS Encryption

1. Download mod_ssl

[root@localhost ~]# yum install mod_ssl -y

Note: To download the software, you need to configure the warehouse and mount it. If necessary, you can check the article I wrote earlier.

2.tls encryption:

  1. # 创建密钥
  2. [root@localhost certs]# openssl genrsa -aes128 2048 > jiami.key
  3. # 输入密码
  4. Enter PEM pass phrase:
  5. Verifying - Enter PEM pass phrase:
  6. # 创建证书
  7. [root@localhost certs]# openssl req -utf8 -new -key jiami.key -x509 -days 100 -out jiami.crt
  8. Enter pass phrase for jiami.key:
  9. You are about to be asked to enter information that will be incorporated
  10. into your certificate request.
  11. What you are about to enter is what is called a Distinguished Name or a DN.
  12. There are quite a few fields but you can leave some blank
  13. For some fields there will be a default value,
  14. If you enter '.', the field will be left blank.
  15. -----
  16. Country Name (2 letter code) [XX]:86              # 国家
  17. State or Province Name (full name) []:shaanxi     # 省份
  18. Locality Name (eg, city) [Default City]:xi'an     # 城市
  19. Organization Name (eg, company) [Default Company Ltd]:rhce  # 组织
  20. Organizational Unit Name (eg, section) []:peihua  # 组织单元
  21. Common Name (eg, your name or your server's hostname) []:www.hehe.com # 主机名!!!
  22. Email Address []:[email protected]    # 邮箱

3. Move the key location

  1. # 移动密钥位置
  2. [root@localhost certs]# cd /etc/pki/tls/certs
  3. # 密钥位置为/etc/pki/tls/private/jiami.key
  4. [root@localhost certs]# mv jiami.key ../private/

4. Modify the /etc/httpd/conf.d/ssl.conf file

  1. SSLCertificateFile /etc/pki/tls/certs/jiami.crt
  2. SSLCertificateKeyFile /etc/pki/tls/private/jiami.key

Modify the key and certificate created for you

3. Configure the http service sub-configuration file

  1. [root@localhost certs]# vim /etc/httpd/conf.d/vhost.conf 
  2. # 重启服务时需要输入创建tls时的密码
  3. [root@localhost certs]# systemctl restart httpd
  4. 🔐 Enter TLS private key passphrase for www.hehe.com:443 (RSA) : ******

document content:

  1. <directory /www>
  2. allowoverride none
  3. require all granted
  4. </directory>
  5. # 用户认证
  6. <directory /usr/local/secret>
  7. authtype basic
  8. authname "Please input your passwd: "
  9. authuserfile /etc/httpd/zhanghao
  10. require user tom jerry
  11. </directory>
  12. # tls加密,地址为自己的主机地址,端口为443代表https服务
  13. <virtualhost 192.168.198.151:443>
  14. SSLEngine on
  15. SSLCertificateFile /etc/pki/tls/certs/jiami.crt
  16. SSLCertificateKeyFile /etc/pki/tls/private/jiami.key
  17. documentroot /www/hehe
  18. servername www.hehe.com
  19. alias /hehe /usr/local/secret
  20. </virtualhost>

Restart the http service

systemctl restart httpd

4. Create a folder to access the http service and redirect the input to the file

  1. [root@localhost certs]# mkdir /www
  2. [root@localhost certs]# mkdir /www/hehe
  3. [root@localhost certs]# mkdir /usr/local/secret
  4. [root@localhost certs]# echo hehe > /www/hehe/index.html
  5. [root@localhost certs]# echo secret > /usr/local/secret/index.html

5. Configure Linux local warehouse and local warehouse under Windows

1.Linux local warehouse (/etc/hosts)

  1. [root@localhost certs]# vim /etc/hosts
  2. 192.168.198.151   www.hehe.com

2. Configure the local warehouse in Windows

If you need to test in the browser, you need to configure the Windows local warehouse (C:WindowsSystem32driversetchosts)

2.1 win+r to open the run window

2.2ctrl+shift+enter, run as administrator

2.3 Type "notepad" and the Notepad will pop up.

2.4 Opening a File

2.5 Select /windows/system32/drivers/etc/hosts

2.6 Add the code to the hosts file

192.168.198.151  www.hehe.com

6. Basic Operations

  1. [root@localhost certs]# systemctl stop firewalld
  2. [root@localhost certs]# setenforce 0
  3. # 修改过子配置文件,都需要重启http服务,生效
  4. [root@localhost certs]# systemctl restart httpd

7. Testing

Personal profile

I have devoted myself to the research of technology for more than 30 years. I am proficient in various languages ​​such as Java, Linux, JavaScript, PHP, CSS, etc. I have made many contributions in the field of open source. I have established a developer documentation site to share some problems in technology development for everyone to read.

my contact information

Mail